cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

524
Views
10
Helpful
3
Replies
Highlighted
Beginner

Cisco AnyConnect NAM module upgrade

Hello, guys.
Cannot find info if we can upgrade NAM from ASA ?
Does someone know if it is possible ?

AnyConnect itself upgrades successfully from ASA but AC and NAM versions should match.
In addition to this NAM installation breaks up network connectivity so I assume the module should be downloaded completely before run.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Mentor

Hi

Usually this is done using package manager like sccm.
However, you can push a batch file from asa to be executed after anyconnect is established to download the msi package from your lan and install it in silent mode.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 REPLIES 3
Highlighted
VIP Mentor

Hi

Usually this is done using package manager like sccm.
However, you can push a batch file from asa to be executed after anyconnect is established to download the msi package from your lan and install it in silent mode.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Highlighted

Technically it is possible but my experience with this is poor. I did this
once and was kind of disaster. People lost network and had to uninstall
then connect to vpn again and some needed driver update etc etc

Go for sccm cuz its more stable approach and make sure that you do it on
groups
Highlighted
VIP Engager

As mentioned by others your best bet is to probably rely on something such as SCCM. I have had issues with a similar situation relying on ISE provisioning portal to upgrade AC modules such as NAM while having a VPN session established. In my experience testing this with ISE CPP a vpndownloader.exe would get pushed here: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Temp\Downloader and AnyConnect would always fail to launch the exe. As far as deploying from ASA itself I can't fully relate, but take a look at the WebDeploy sections here: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/administration/guide/b_AnyConnect_Administrator_Guide_4-6/deploy-anyconnect.html#ID-1425-000003d1
Also see here for free tutorials: labminutes.com/video/sec
I strongly suggest to run through tests because NAM can be tricky, meaning it can kill network connection. HTH!